Question

I am a novice PHP programmer building a multiuser application in CodeIgniter.

Now, my boss has told me to look into the ability to log out people based on their changed user access privileges.

For example: a guy is logged in as a semi admin, but has just been demoted by a real admin to regular user status. Now the semi admin should supposedly be logged out when that happens, but this is where my problem occurs.

I can think of a few ways to do this, but they all revolve around doing checks that will be redundant in most cases (this is a rare situation, but it has occurred, I have been told).

My best bet at the moment is to log all the active users in a session db and force them to relog in if their user role changes.

This, however, is going to generate a lot of traffic on the server for a rare "problem", as the user session data is more fittingly put into a regular session.

So my question in short is: how can I log out a user when his user privileges are changed, without working my server too hard?

Thanks in advance!


Solution

You can check whether privileges have changed periodically, like once every 10 minutes. This should reduce the number of "useless" queries and still ensure that there is an acceptable response time to a logged-in user's privileges being changed.
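A sketch of the periodic check described in this answer, added here as an example and not part of the original post. It is plain PHP rather than CodeIgniter code: the `$session` array and the `$lookupRole` callback are assumed stand-ins for the application's session store and its user-table query, and `enforceCurrentRole` is a hypothetical helper that would be called once per request.

```php
<?php
// Added example: re-check the stored role at most once per interval.
// $session and $lookupRole are stand-ins (assumptions) for the app's
// session store and its user-table query.

const ROLE_RECHECK_SECONDS = 600; // "once every 10 minutes"

/**
 * Returns true if the session may continue, false if it was invalidated.
 */
function enforceCurrentRole(array &$session, callable $lookupRole, int $now): bool
{
    if (!isset($session['user_id'])) {
        return false; // not logged in
    }
    // Within the window: trust the cached role, no database query.
    if ($now - ($session['role_checked_at'] ?? 0) < ROLE_RECHECK_SECONDS) {
        return true;
    }
    $currentRole = $lookupRole($session['user_id']); // one query per window
    if ($currentRole === null || $currentRole !== $session['role']) {
        $session = []; // role changed or account removed: force re-login
        return false;
    }
    $session['role_checked_at'] = $now;
    return true;
}

// Constructed sample data: user 7 logged in as semi_admin at t=1000.
$users = [7 => 'semi_admin'];
$lookup = function (int $id) use (&$users): ?string {
    return $users[$id] ?? null;
};
$session = ['user_id' => 7, 'role' => 'semi_admin', 'role_checked_at' => 1000];

var_dump(enforceCurrentRole($session, $lookup, 1300)); // inside window
$users[7] = 'user';                                    // a real admin demotes user 7
var_dump(enforceCurrentRole($session, $lookup, 1400)); // still inside window
var_dump(enforceCurrentRole($session, $lookup, 1700)); // window elapsed, role differs
var_dump($session);                                    // emptied session
```

The call at t=1400 shows the trade-off of this approach: the demoted user keeps the cached role until the window elapses, so the interval is the upper bound on how long stale privileges remain usable.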

OTHER TIPS

Add a JavaScript listener on the page; then, when the super admin changes the semi-admin's privileges to a normal user, trigger the logout event. Make sure that the app has JavaScript enabled, otherwise it won't work. This solution is used by many ACL-based apps.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow